General

  • Target

    February Order.exe

  • Size

    973KB

  • Sample

    210118-sswm13h3xa

  • MD5

    5ca7336524c9c0bc899fb3a9b3c9a5d8

  • SHA1

    83e2fa92a7ac8f3f1950af7fd9f439bfb6353593

  • SHA256

    011e18466a15d6a18399caac2f3317b86ae944699f0ef8b332e9995b47767a6f

  • SHA512

    9ebad8871ddd213982dd197a10bc0d352dd659eec743ca1ec3a060ee7aefb96927a728aeb6a9f53db3efeec6bc8156bc4971ff1043aebce104e80ad51d65ef6c

Malware Config

Extracted

Family

formbook

C2

http://www.tokomw.com/wt8z/

Decoy

blerdofmouth.com

talkheavy33.com

beautynewsreport.com

ashihun83.icu

fexkehv.icu

athe3bina.online

qkshu5.com

legendsfxmarketsreview.com

irisalerts.com

valkings.com

fullyplanted.com

jackmiramusic.com

stationcamphockey.com

ahlfb.com

detailsmatterinc.com

allenkohler.com

artefactoshop.com

quefarra.com

preloved.mobi

queenstyle.salon
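The config above is only useful once it is turned into something a SOC can run. The following script is an added example, not part of the Triage report: it lifts the SHA256, the C2 URL and the decoy list from this page into a small IOC set, scans a constructed proxy log (the log lines, log format and client IPs are made up for the demo) and labels each hit as the real C2, the C2 host on another path, or a decoy domain, so that a host contacting the C2 plus several decoys in a short window stands out as a likely Formbook infection.

```python
"""Formbook IOC matcher built from the extracted config on this page.

Added example: the IOC values are copied from the report; the proxy log
format, the sample log lines and the client addresses are constructed.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
SHA256 = "011e18466a15d6a18399caac2f3317b86ae944699f0ef8b332e9995b47767a6f"
C2_URL = "http://www.tokomw.com/wt8z/"
DECOYS = [
    "blerdofmouth.com", "talkheavy33.com", "beautynewsreport.com", "ashihun83.icu",
    "fexkehv.icu", "athe3bina.online", "qkshu5.com", "legendsfxmarketsreview.com",
    "irisalerts.com", "valkings.com", "fullyplanted.com", "jackmiramusic.com",
    "stationcamphockey.com", "ahlfb.com", "detailsmatterinc.com", "allenkohler.com",
    "artefactoshop.com", "quefarra.com", "preloved.mobi", "queenstyle.salon",
]


def normalise_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so hostnames seen in
    logs compare equal to the bare domains in the config."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalise_host(urlparse(C2_URL).hostname)
C2_PATH = urlparse(C2_URL).path            # "/wt8z/"
DECOY_SET = {normalise_host(d) for d in DECOYS}


def classify_request(host, path):
    """'c2' for the C2 host under the C2 path, 'c2-host' for the C2 host at any
    other path, 'decoy' for a decoy domain, None for anything else."""
    h = normalise_host(host)
    if h == C2_HOST:
        return "c2" if path.startswith(C2_PATH) else "c2-host"
    if h in DECOY_SET:
        return "decoy"
    return None


# Constructed log shape: "<timestamp> <client> <method> <url>" (one request per line).
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")


def scan_log(lines):
    """Return (client, verdict, url) for every request that matches an IOC."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                       # skip lines that are not requests
        u = urlparse(m.group("url"))
        if not u.hostname:
            continue
        verdict = classify_request(u.hostname, u.path)
        if verdict:
            hits.append((m.group("client"), verdict, m.group("url")))
    return hits


def hosts_contacted(lines, client):
    """Distinct IOC domains one client touched. Formbook talks to the real C2 and
    to decoys from the same list, so a client with the C2 plus decoys is a strong signal."""
    return sorted({normalise_host(urlparse(url).hostname)
                   for c, _, url in scan_log(lines) if c == client})


def matches_sample(data):
    """True if the raw bytes hash to the report's SHA256 (e.g. a quarantined file)."""
    return hashlib.sha256(data).hexdigest() == SHA256


# Constructed sample log: 10.0.0.23 behaves like the infected host, 10.0.0.41 is clean.
SAMPLE_LOG = [
    "2021-01-18T10:02:11Z 10.0.0.23 GET http://www.tokomw.com/wt8z/?abc=1",
    "2021-01-18T10:02:12Z 10.0.0.23 GET http://www.irisalerts.com/wt8z/",
    "2021-01-18T10:02:13Z 10.0.0.23 POST http://tokomw.com/wt8z/",
    "2021-01-18T10:02:14Z 10.0.0.23 GET http://www.tokomw.com/index.html",
    "2021-01-18T10:02:15Z 10.0.0.41 GET http://example.com/",
    "garbage line",
]

if __name__ == "__main__":
    for client, verdict, url in scan_log(SAMPLE_LOG):
        print(client, verdict, url)
```

Match on the C2 host and path together rather than on the path alone: the decoy domains receive requests with the same URI pattern, so a path-only rule fires on every decoy and tells you nothing about which server is real.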

Targets

    • Target

      February Order.exe

    • Formbook

      Formbook is an information stealer: it harvests credentials, keystrokes and form data from browsers, mail clients and other applications and sends them to its C2 over HTTP. The C2 URL in the extracted config is the live control server; the decoy domains are contacted alongside it so that the real C2 is harder to pick out of network traffic.

    • Formbook Payload

    • Deletes itself (removes its own executable from disk once the payload is running)

    • Suspicious use of SetThreadContext (writes a new thread context into another process's thread, the hallmark of process hollowing or thread hijacking used to run the payload inside a legitimate process)
